Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/1qLqqTllve4zCxVAYOzBHvpeKI4.roa
File:                     1qLqqTllve4zCxVAYOzBHvpeKI4.roa (raw, json)
Hash identifier:          vb9EDboxZKlgHYFjRAGPCvT6HrDSb4Ej+FgPnOTiZKQ=
Subject key identifier:   D6:A2:EA:A9:39:65:BD:EE:33:0B:15:40:60:EC:C1:1E:FA:5E:28:8E
Certificate issuer:       /CN=d0bd4ca7f331aa2ad91240a6583a176c005e8a63
Certificate serial:       019421439F1D2FD97D0C30971148B4C75292
Authority key identifier: D0:BD:4C:A7:F3:31:AA:2A:D9:12:40:A6:58:3A:17:6C:00:5E:8A:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0L1Mp_MxqirZEkCmWDoXbABeimM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/1qLqqTllve4zCxVAYOzBHvpeKI4.roa
Signing time:             Wed 01 Jan 2025 09:47:47 +0000
ROA not before:           Wed 01 Jan 2025 09:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44407
IP address blocks:        185.181.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/0L1Mp_MxqirZEkCmWDoXbABeimM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/0L1Mp_MxqirZEkCmWDoXbABeimM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0L1Mp_MxqirZEkCmWDoXbABeimM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:9f:1d:2f:d9:7d:0c:30:97:11:48:b4:c7:52:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d0bd4ca7f331aa2ad91240a6583a176c005e8a63
        Validity
            Not Before: Jan  1 09:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6a2eaa93965bdee330b154060ecc11efa5e288e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:9e:4f:04:f9:83:98:8b:4a:40:d1:7c:aa:04:
                    6b:b7:b4:fc:47:59:2e:ef:ae:a5:cc:ea:20:a4:75:
                    4e:28:bc:4a:7f:ee:57:6c:46:9d:d1:d6:c7:7e:b2:
                    5d:83:df:39:32:f7:02:63:18:50:91:78:f8:4c:ca:
                    c5:03:3a:4e:58:30:29:c3:53:f5:ca:b3:43:35:12:
                    26:a2:9b:ba:d0:74:f3:ff:2c:af:cc:16:8f:42:70:
                    91:36:41:58:41:33:13:91:42:06:41:2a:87:4c:62:
                    3a:a9:79:ea:00:39:9b:e8:c8:19:c2:a7:30:b4:ba:
                    33:57:d7:8a:ef:fb:fc:5e:fd:cc:b7:81:be:8c:3c:
                    4a:bf:ec:9b:33:5d:0c:ee:28:51:e5:01:be:40:68:
                    5c:f2:f3:b4:ce:d6:9c:5f:cf:7d:52:6e:b9:8b:41:
                    40:f9:cd:14:06:66:f8:18:3d:d6:d8:4c:7b:e9:4e:
                    6e:c4:78:e8:6b:57:78:e3:99:a6:d4:5e:88:77:03:
                    78:81:92:cc:d0:c5:dc:34:52:b4:c9:2f:53:4b:2b:
                    a4:dc:6c:87:4e:e2:1e:fc:3f:c9:9a:02:c4:32:2b:
                    6d:7b:00:a9:d8:e8:7b:b2:35:89:02:60:2b:3a:bf:
                    ed:a0:25:4d:e1:32:12:d9:08:f9:8b:41:a3:21:bf:
                    20:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A2:EA:A9:39:65:BD:EE:33:0B:15:40:60:EC:C1:1E:FA:5E:28:8E
            X509v3 Authority Key Identifier:
                keyid:D0:BD:4C:A7:F3:31:AA:2A:D9:12:40:A6:58:3A:17:6C:00:5E:8A:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0L1Mp_MxqirZEkCmWDoXbABeimM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/1qLqqTllve4zCxVAYOzBHvpeKI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1d9440-cee8-4383-b0a0-e0b5a92df940/1/0L1Mp_MxqirZEkCmWDoXbABeimM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.181.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:17:c1:8a:3b:00:ec:6c:29:8e:44:36:dc:38:28:55:dd:c8:
         97:b9:27:c9:65:81:db:92:97:b3:04:3b:49:7e:e3:6f:d4:9e:
         98:0a:7e:5d:ee:23:d5:12:35:f4:6b:c0:3f:2c:a5:bc:35:8d:
         be:ed:d2:c5:86:7a:36:8b:ce:b1:66:b0:8d:e7:e4:cb:b4:f5:
         d7:fb:db:1f:35:16:3a:0d:5a:2d:73:ee:d2:5f:90:f1:ff:2a:
         7b:2c:12:4e:6a:d0:0e:3f:86:e5:7f:b6:9d:bd:3b:3a:a6:6a:
         63:ab:52:b0:9a:42:37:1c:7d:ad:48:4c:ba:c8:42:d4:e7:bc:
         2a:48:e0:4e:dc:28:57:c7:16:3e:41:8b:48:65:ae:78:b8:5e:
         9b:38:75:01:db:54:67:68:ef:36:4a:5d:be:e2:d5:0b:78:47:
         62:36:e7:48:24:29:2e:cd:6a:72:e4:81:c3:84:b2:93:cc:8b:
         54:b7:c6:ca:e8:34:a0:ff:29:49:54:c4:97:83:40:c7:b3:0c:
         35:95:c8:38:66:7b:a1:75:fe:bf:7b:8b:f3:48:37:da:3a:04:
         a3:f5:be:9d:d0:1a:33:33:f1:78:79:4e:7c:e8:52:77:47:56:
         15:f3:29:00:a5:f0:3d:4e:54:39:8f:bb:43:82:a7:07:c0:cb:
         65:7e:ee:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ58dL9l9DDCXEUi0x1KSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwYmQ0Y2E3ZjMzMWFhMmFkOTEyNDBhNjU4M2ExNzZjMDA1
ZThhNjMwHhcNMjUwMTAxMDk0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmEyZWFhOTM5NjViZGVlMzMwYjE1NDA2MGVjYzExZWZhNWUyODhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z5PBPmDmItKQNF8qgRrt7T8R1ku
766lzOogpHVOKLxKf+5XbEad0dbHfrJdg985MvcCYxhQkXj4TMrFAzpOWDApw1P1
yrNDNRImopu60HTz/yyvzBaPQnCRNkFYQTMTkUIGQSqHTGI6qXnqADmb6MgZwqcw
tLozV9eK7/v8Xv3Mt4G+jDxKv+ybM10M7ihR5QG+QGhc8vO0ztacX899Um65i0FA
+c0UBmb4GD3W2Ex76U5uxHjoa1d445mm1F6IdwN4gZLM0MXcNFK0yS9TSyuk3GyH
TuIe/D/JmgLEMittewCp2Oh7sjWJAmArOr/toCVN4TIS2Qj5i0GjIb8gMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNai6qk5Zb3uMwsVQGDswR76XiiOMB8GA1UdIwQY
MBaAFNC9TKfzMaoq2RJAplg6F2wAXopjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEwxTXBfTXhxaXJaRWtDbVdEb1hiQUJlaW1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xZDk0NDAtY2VlOC00MzgzLWIwYTAt
ZTBiNWE5MmRmOTQwLzEvMXFMcXFUbGx2ZTR6Q3hWQVlPekJIdnBlS0k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xZDk0NDAtY2VlOC00MzgzLWIwYTAtZTBiNWE5MmRmOTQw
LzEvMEwxTXBfTXhxaXJaRWtDbVdEb1hiQUJlaW1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubWcMA0G
CSqGSIb3DQEBCwUAA4IBAQBJF8GKOwDsbCmORDbcOChV3ciXuSfJZYHbkpezBDtJ
fuNv1J6YCn5d7iPVEjX0a8A/LKW8NY2+7dLFhno2i86xZrCN5+TLtPXX+9sfNRY6
DVotc+7SX5Dx/yp7LBJOatAOP4blf7advTs6pmpjq1KwmkI3HH2tSEy6yELU57wq
SOBO3ChXxxY+QYtIZa54uF6bOHUB21RnaO82Sl2+4tULeEdiNudIJCkuzWpy5IHD
hLKTzItUt8bK6DSg/ylJVMSXg0DHsww1lcg4Znuhdf6/e4vzSDfaOgSj9b6d0Boz
M/F4eU586FJ3R1YV8ykApfA9TlQ5j7tDgqcHwMtlfu5W
-----END CERTIFICATE-----